Install FIPS images
To install the FIPS-compliant build of Service Mesh Manager, complete the following steps.
-
Download the following YAML file. It contains the list of FIPS-compliant images the installer should use.
apiVersion: servicemesh.cisco.com/v1alpha1 kind: IstioControlPlane metadata: name: cp-v115x spec: version: 1.15.3 mode: ACTIVE istiod: deployment: image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-pilot:v1.15.3-bzc.0-fips proxy: image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-proxyv2:v1.15.3-bzc.0-fips proxyInit: cni: daemonset: image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-install-cni:v1.15.3-bzc.0-fips image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-proxyv2:v1.15.3-bzc.0-fips sidecarInjector: deployment: image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-sidecar-injector:v1.15.3-bzc.0-fips
-
Follow any of the regular installation guides (for example, Create single cluster mesh or Create multi-cluster mesh), but use the following customized YAML file with the initial installation command to use the FIPS-compliant versions of the images. For example, for a non-interactive single-cluster installation, run:
smm install -a --cluster-name <name-of-your-cluster> --istio-cr-file istio-fips.yaml